Adobe spokeswoman Heather Edell said: "So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users.

"We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident -- regardless of whether those users are active or not."

“We are still in the process of investigating the number of inactive, invalid and test accounts involved in the incident,” she said. “Our notification to inactive users is ongoing.”

The company disclosed the initial breach on October 3, when Brad Arkin, Adobe's chief security officer, announced: "Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems.